Security News #0x46
- Last week we mentioned a privilege escalation attack on FreeBSD 9.0/9.1 systems (CVE-2013-2171). Metasploit now has a module to exploit this vulnerability.
- Jack Whitten, a researcher in the UK, provided details of an attack on Facebook that would allow for remote account takeover. (And yes, Facebook has fixed the issue.)
- I read a nice piece by khr0x40sh on how to retrieve the SSL key used in Meterpreter.
- Juan Vazquez discusses how an exploit for MoinMoin Wiki was developed and made its way into Metasploit. Definitely worth a read for all you students out there!
- The Microsoft Malware Protection Center discusses how they found malware that now uses undocumented Intel floating-point instructions in an attempt to avoid detection.
- The source code for the Carberp trojan has been leaked to the public. Though the folks at CSIS do not have a download link, the Reddit page does. I can’t vouch for those links though; as commercial cybercrime tools are not my thing, you won’t see me going there either. Brian Krebs has a nice summary of the broader issues.
- Opera reports that they were attacked, and that the attackers made off with at least one old and expired code signing certificate.
- As a professor, my heart was warmed when I read this.
- Threatpost also reports that Sprite Software’s tool AndroidBackup, which is installed on some LG Android phones, may allow an attacker to gain root access to the phone. And if you think this is an isolated case, here is Justin Case discussing an attack vector for LG phones.